Online services often involve the communication of sensitive material between the user agent associated with a client computer and the online service provider. At the very least, as in the case of an online email service, the user would prefer hostile parties not have access to the communicated information. In other circumstances, such as online banking or investment management, it is essential to the user that the communicated information cannot be intercepted by a hostile party. Because of the sensitivity, mechanisms such as identification and authentication are used to ensure authenticated access. For instance, an authentication server may verify a user and pass an authentication ticket to the online service provider. But, in the wrong hands, the authentication ticket may allow access by a hostile party to private information. Unfortunately, there is no effective way to ensure secure communication between a user and an online service provider.